SHA256: 9d48fbe44a72881b220a0612abb803c2cda02a6143f9939ab2e326f7a04d8aa8
File name: NhVi1netIL6ZV.tdb.bin
Detection ratio: 6 / 57
Analysis date: 2016-11-24 09:08:16 UTC (2 years, 5 months ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20161124
Bkav HW32.Packed.6848 20161124
CrowdStrike Falcon (ML) malicious_confidence_89% (D) 20161024
ESET-NOD32 a variant of Win32/Kryptik.FKHZ 20161124
Sophos ML backdoor.win32.prosti.l 20161018
Qihoo-360 HEUR/QVM39.1.0000.Malware.Gen 20161124
Ad-Aware 20161124
AegisLab 20161124
AhnLab-V3 20161124
Alibaba 20161124
ALYac 20161124
Antiy-AVL 20161124
Arcabit 20161124
Avast 20161124
AVG 20161124
Avira (no cloud) 20161124
AVware 20161124
BitDefender 20161124
CAT-QuickHeal 20161124
ClamAV 20161124
CMC 20161124
Comodo 20161124
Cyren 20161124
DrWeb 20161124
Emsisoft 20161124
F-Prot 20161124
F-Secure 20161124
Fortinet 20161124
GData 20161124
Ikarus 20161124
Jiangmin 20161124
K7AntiVirus 20161124
K7GW 20161124
Kaspersky 20161124
Kingsoft 20161124
Malwarebytes 20161124
McAfee 20161124
McAfee-GW-Edition 20161124
Microsoft 20161124
eScan 20161124
NANO-Antivirus 20161124
nProtect 20161124
Panda 20161123
Rising 20161130
Sophos AV 20161124
SUPERAntiSpyware 20161124
Symantec 20161124
Tencent 20161124
TheHacker 20161124
TotalDefense 20161124
TrendMicro 20161124
TrendMicro-HouseCall 20161124
Trustlook 20161124
VBA32 20161123
VIPRE 20161124
ViRobot 20161124
WhiteArmor 20161018
Yandex 20161123
Zillya 20161123
Zoner 20161124
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1998-2013 VMware, Inc.

Product VMware Workstation
Original name adjperm.DLL
Internal name adjperm
File version 10.0.1 build-1379776
Description adjperm DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-24 06:29:35
Entry Point 0x00011CC2
Number of sections 7
PE sections
Overlays
MD5 784dc2c8f58a5f9ec8176eba0943dc18
File type data
Offset 143872
Size 12727
Entropy 7.99
PE imports
LocalAlloc
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetACP
FreeLibrary
GetCPInfo
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDriveTypeW
GetEnvironmentStrings
GetCurrentProcessId
CreateSemaphoreA
WaitForMultipleObjects
DeleteFileA
CreateThread
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
SetEvent
GetCommandLineA
GetProcAddress
GetStringTypeA
IsBadReadPtr
GetTempPathA
RaiseException
CreateFileA
ReleaseSemaphore
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CloseHandle
GetTempFileNameA
ExitThread
HeapReAlloc
GetStringTypeW
GetVersion
SetFileAttributesA
HeapAlloc
TerminateProcess
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentVariableA
HeapCreate
VirtualFree
CreateEventA
InterlockedDecrement
GetFileType
TlsSetValue
IsBadCodePtr
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetStartupInfoA
SetLastError
ResetEvent
SendMessageA
Number of PE resources by type
RT_BITMAP 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
40960

LinkerVersion
2.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
10.0.1.41495

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
adjperm DLL

ImageFileCharacteristics
Executable, Large address aware, 32-bit, DLL

CharacterSet
Unicode

InitializedDataSize
31744

EntryPoint
0x11cc2

OriginalFileName
adjperm.DLL

MIMEType
application/octet-stream

LegalCopyright
Copyright 1998-2013 VMware, Inc.

FileVersion
10.0.1 build-1379776

TimeStamp
2016:11:24 07:29:35+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
adjperm

ProductVersion
10.0.1 build-1379776

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
VMware, Inc.

CodeSize
111616

ProductName
VMware Workstation

ProductVersionNumber
10.0.1.41495

FileTypeExtension
dll

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 7a8eddf274323f014238d3d54de8094d
SHA1 b91cbe7dd8357eab878424af7228a3e25186462b
SHA256 9d48fbe44a72881b220a0612abb803c2cda02a6143f9939ab2e326f7a04d8aa8
ssdeep
3072:5KHRu2AMRKbBfDO/mEWPcbQ3hI2HmOOmIPzrU2w2CW8YhV:ouMiNYWPcbQ3jGt/JV

authentihash cae12d80c1d741651de7e19f27c80d1d0ea614aec4d1ecc53206df38c635c20c
imphash 02e1f1b3750cf9500ed90d3f14bc8b39
File size 152.9 KB ( 156599 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
pedll overlay

VirusTotal metadata
First submission 2016-11-24 09:08:16 UTC (2 years, 5 months ago)
Last submission 2017-08-04 04:45:43 UTC (1 year, 9 months ago)
File names adjperm.DLL
NhVi1netIL6ZV.tdb.bin
adjperm